Made to order certificates available on the dark web. Security researchers have discovered that hackers are able to obfuscate malware through code signing and SSL certificates.
Digital security certificates assure regular users that the websites they visit can be trusted and are free of malicious code. But if security certificates are themselves compromised, how can users be protected from malicious hackers?
Certificate authority Let's Encrypt has disabled TLS-SNI-01 validation on its service. Through the vulnerability, a hacker could have requested certificates for domains that were not theirs.
The new GCSE was meant to have provided pupils skills for the future, but no one is doing the course, where did we go wrong?
The web firm Mozilla claims that despite it's failings, the use of HTTPS by web users is still preferable to them not doing so.
A fundamental fault in the SSL handshake could allow hackers to use subvert MacOS and iOS devices and recruit them into a DDoS attack.
Avast Security is reporting that the Retefe banking Trojan is now targeting UK banking customers by redirecting them to fake banking websites.
The Certificate Authority (CA) model is broken and the value of certificates is being chipped away, resulting in a lack of trust says Kevin Bocek, adding that his might lead users and even the major browsers to begin to rank CAs.
Let's Encrypt, an initiative of the Internet Security Research Group, has opened its free-of-charge digital certificate store to all.
Windows Defender has come to the rescue giving users the ability to detect and remove the vulnerable Dell certificates from the certificate root store, as well as the affected binaries that might re-install it.
Mozilla has stepped up pressure on enterprise companies that continue to use SHA-1 certificates after research last month demonstrated the algorithm could be broken in as little as three months.
Close to 1 million websites are at risk from fraudsters because they continue to place their trust in security certificates using the vulnerable SHA-1 hashing algorithm.
Certificate authorities are granting SSL certificates to the owners of spoof domain names which are being used to phish customers of well-known retail and banking brands.
Certificate and key errors are costing businesses dearly and undermining the global economy, according to a Ponemon/Venafi report.
ICYMI: hospital in email breach; crashing Chrome; Symantec purges; ICO more free; Apple apps snapped
In this week's In Case You Missed It (ICYMI): NHS hospital email breached; crash Google Chrome in 16 chars; Symantec dismisses staff over certs; ICO moved from MOJ to Culture; Apple apps infected with malware.
A leak of a major technology company's security key has been discovered, allowing hackers to convince Windows that their malware is legit.
While acknowledging threats from digital certificates, many security professionals are failing to get to grips with the problem, claims Venafi in a new report.
CESG, the information arm of GCHQ, was forced to take down its HTTPS website earlier this week after the organisation's SSL digital certificate was revoked.
Google has reacted quickly to a suspected security breach last week by refusing to recognise certificates from Chinese authority CNNIC.
A lack of control over cryptographic keys and certificates could leave large UK businesses open to attack.
It was five months before the intrusion at Bit9 was detected.
Businesses do not get the concept of certificate management and there is a lack of trust between users, according to Venafi.
Whitelisting technology vendor Bit9 was hacked at the end of Friday, with hackers accessing its code-signing certificates and enabling them to digitally sign malware to appear as legitimate files.
Details of the hack that lead to man-in-the-middle attacks on hundreds of thousands of Iranians' Google accounts and ultimately the liquidation of certificate authority DigiNotar have been released by the Dutch government.